✨ What’s New in v1.1.2? ✨

Thanks for keeping up with Dify! This patch delivers some important fixes to boost the stability and security of your operations.

Important

This update includes a critical fix for an XSS vulnerability. Cloud users are not affected by this issue.

This version disables the SVG rendering in the message. If you are using our Community Edition and meet all of the following conditions, we recommend that you upgrade to the current version immediately:

Your service is exposed to the internet.
You provide external WebApps.
You have not configured SERVICE_API_URL and FILES_URL on different domains.

🛠️ Fixes & Improvements

Security: Resolved an XSS vulnerability related to rendering SVGs, closing a security gap with help from @iamjoel in #16433.
Knowledge Base Cleanup: Fixed an issue where the OpenAPI interface couldn't delete metadata, thanks to @StrayDragon in #16365. Now clearing out old or unnecessary metadata is straightforward.
GitHub Plugin Installation: Resolved an import DSL issue that blocked the installation of the GitHub plugin, thanks to @junjiem in #16362. This patch ensures smoother plugin integrations.
Metadata Migration Check: Added a check for built-in fields during old metadata migration to ensure completeness and accuracy, contributed by @JohnJyong in #16371. Your metadata migrations have stepped up in robustness.
Literal Syntax Error Handling: Fixed errors related to literal_eval function usage, courtesy of @svcvit in #16297. These changes help keep your code from breaking due to syntax evaluation.

This update is all about refining the edges and enhancing the user experience—an essential pit-stop on our road to new features and capabilities. Keep those contributions and feedback coming, and let's make Dify even better, together! 🚀

Upgrade Guide

Docker compose deployments

Back up your customized docker-compose YAML file (optional)

cd docker
cp docker-compose.yaml docker-compose.yaml.$(date +%s).bak

Get the latest code from the main branch
```
git checkout main
git pull origin main
```
Stop the service, Command, please execute in the docker directory
```
docker compose down
```

Back up data

tar -cvf volumes-$(date +%s).tgz volumes

Upgrade services
```
docker compose up -d
```

Source Code deployments

Stop the API server, Worker, and Web frontend Server.
Get the latest code from the release branch:
```
git checkout 1.1.2
```
Update Python dependencies:
```
cd api
poetry install
```
Then, let's run the migration script:
```
poetry run flask db upgrade
```
Finally, run the API server, Worker, and Web frontend Server again.

What's Changed

fix: knowledge base openapi cannot delete metadata by @StrayDragon in #16365
fix import DSL install Github plugin failed by @junjiem in #16362
add built-in field check when doing old metadata migrate by @JohnJyong in #16371
fix error with literal_eval by @svcvit in #16297
fix: typos by @kid1412621 in #16385
fix: xss in render svg by @iamjoel in #16433
Chore: frontend infrastructure upgrade by @iamjoel in #16420
feat: replace file content type to avoid load script in svg. by @laipz8200 in #16454
chore(api): enhance ruff rules to disallow dangerous functions and modules by @QuantumGhost in #16461

New Contributors

@kid1412621 made their first contribution in #16385

Full Changelog: 1.1.1...1.1.2

langgenius/dify 1.1.2 v1.1.2 on GitHub